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File: USPT 



Dec 23, 2003 



US-PAT-NO: 6668325 

DOCUMENT- IDENTIFIER: US 6668325 Bl 

** See image for Certificate of Correction ** 

TITLE: Obfuscation techniques for enhancing software security 
DATE-ISSUED: December 23, 2003 
INVENTOR- INFORMATION : 

NAME CITY STATE ZIP CODE COUNTRY 

Collberg; Christian Sven Auckland NZ 

Thomborson; Clark David Auckland NZ 

Low; Douglas Wai Kok Auckland NZ 

US -CL- CURRENT: 713/194; 713/200 



The present invention provides obfuscation techniques for enhancing software 
security . In one embodiment, a method for obfuscation techniques for enhancing 
software security includes selecting a subset of code (e.g., compiled source code 
of an application) to obfuscate, and obfuscating the selected subset of the code. 
The obfuscating includes applying an obfuscating transformation to the selected 
subset of the code. The transformed code can be weakly equivalent to the 
untransformed code. The applied transformation can be selected based on a desired 
level of security (e.g., resistance to reverse engineering). The applied 
transformation can include a control transformation that can be creating using 
opaque constructs, which can be constructed using aliasing and concurrency 
techniques. Accordingly, the code can be obfuscated for enhanced software security 
based on a desired level of obfuscation (e.g., based on a desired potency, 
resilience, and cost) . 

171 Claims, 55 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets: 27 
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US-PAT-NO: 6643775 
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TITLE: Use of code obfuscation to inhibit generation of non-use-restricted versions 
of copy protected software applications 

DATE- ISSUED: November 4, 2003 

INVENTOR - INFORMATION : 

NAME CITY STATE ZIP CODE COUNTRY 

Granger; Mark J. Azusa CA 

Smith; Cyrus E. Monrovia CA 

Hoffman; Matthew I. South Pasadena CA 

US -CL- CURRENT: 713/190; 380/255, 380/268, 713/201 



Three methods are disclosed for protecting software applications from unauthorized 
distribution and use (piracy) . The first method involves using values generated by 
a conventional ESD (Electronic Security Device) to encrypt and/or decrypt user data 
(such as a file) that is generated and used by the application. In a preferred 
embodiment, the user data is encrypted (such as during a write to memory) using 
values returned by the ESD, and the user data is later decrypted using like values 
returned by a software -implemented ESD simulator. The second and third methods 
involve the use of special development tools that make the task of analyzing the 
application's copy protection code (such as the code used to encrypt and/or decrypt 
user data) significantly more difficult. Specifically, the second method involves 
using pseudocode to implement some or all of the application's copy protection 
functions. The pseudocode for a given function is generated (preferably in 
encrypted form) from actual code using a special development tool, and is then 
imbedded within the application together with a corresponding pseudocode 
interpreter. The interpreter fetches, decrypts and executes the pseudocode when the 
function is called. Because no disassemblers or other development tools exist for 
analyzing the pseudocode, the task of analyzing the copy protection functions 
becomes significantly more complex. The third method involves the use of a special 
obfuscation tool to convert the code for selected copy-protection functions into 
unnecessarily long, inefficient sequences of machine code. In one implementation of 
the obfuscation tool, the developer can control the quantity of code that is 
generated by specifying one or more control parameters. The three methods can also 
be used to protect software license management systems from security attacks. 

48 Claims, 14 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets : 11 
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US-PAT-NO: 6480959 

DOCUMENT- IDENTIFIER: US 6480959 Bl 

TITLE: Software system and associated methods for controlling the use of computer 
programs 

DATE- ISSUED: November 12, 2 002 
INVENTOR- INFORMATION : 

NAME CITY STATE ZIP CODE COUNTRY 

Granger; Mark J. Azusa CA 

Smith; Cyrus E. Monrovia CA 

Hoffman; Matthew I. South Pasadena CA 

US -CL- CURRENT: 713 / 189 ; 713 / 200 



Three methods are disclosed for protecting software applications from unauthorized 
distribution and use (piracy) . The first method involves using values generated by 
a conventional ESD (Electronic Security Device) to encrypt and/or decrypt user data 
(such as a file) that is generated and used by the application. In a preferred 
embodiment, the user data is encrypted (such as during a write to memory) using 
values returned by the ESD, and the user data is later decrypted using like values 
returned by a software -implemented ESD simulator. The second and third methods 
involve the use of special development tools that make the task of analyzing the 
application's copy protection code (such as the code used to encrypt and/or decrypt 
user data) significantly more difficult. Specifically, the second method involves 
using pseudocode to implement some or all of the application's copy protection 
functions. The pseudocode for a given function is generated (preferably in 
encrypted form) from actual code using a special development tool, and is then 
imbedded within the application together with a corresponding pseudocode 
interpreter. The interpreter fetches, decrypts and executes the pseudocode when the 
function is called. Because no disassemblers or other development tools exist for 
analyzing the pseudocode, the task of analyzing the copy protection functions 
becomes significantly more complex. The third method involves the use of a special 
obfuscation tool to convert the code for selected copy-protection functions into 
unnecessarily long, inefficient sequences of machine code. In one implementation of 
the obfuscation tool, the developer can control the quantity of code that is 
generated by specifying one or more control parameters. The three methods can also 
be used to protect software license management systems from security attacks. 

50 Claims, 14 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets: 11 
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TITLE: Security and access management system for web-enabled and non-web-enabled 
applications and content on a computer network 

DATE- ISSUED: October 1, 2002 



INVENTOR- INFORMATION : 
NAME 

Olden; Eric M. 



CITY 

San Francisco 



STATE 
CA 



2IP CODE 



COUNTRY 



US -CL- CURRENT: 713/201; 713/202 



ABSTRACT : 



A security and access management system provides unified access management to 
address the specific problems facing the deployment of security for the Web and 
non-Web environment. Unified access management consists of strategic approaches to 
unify all key aspects of Web and non-Web security policies, including access 
control, authorization, authentication, auditing, data privacy, administration, and 
business rules. Unified access management also addresses technical scalability 
requirements needed to successfully deploy a reliable unified Web and non-Web 
security system. The security and access management system provides the technology 
required to support these key factors as they relate to Web and non-Web security . 
The security and access management system operates in combination with network and 
system security tools such as firewalls, network intrusion detection tools, and 
systems management tools to provide comprehensive security for the Web-enabled 
enterprise . 

3 Claims, 37 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets: 36 
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TITLE: Systems and methods for secure transaction management and electronic rights 
protection 

DATE-ISSUED: July 30, 2002 



INVENTOR- INFORMATION : 
NAME 
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Shear; Victor H. 
Spahn; Francis J. 
Van Wie; David M. 
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us -CL- CURRENT: 705/80; 705/53, 713/193 



ABSTRACT : 

The present invention provides systems and methods for secure transaction 
management and electronic rights protection. Electronic appliances such as 
computers equipped in accordance with the present invention help to ensure that 
information is accessed and used only in authorized ways, and maintain the 
integrity, availability, and/or confidentiality of the information. Such electronic 
appliances provide a distributed virtual distribution environment (VDE) that may 
enforce a secure chain of handling and control, for example, to control and/or 
meter or otherwise monitor use of electronically stored or disseminated 
information. Such a virtual distribution environment may be used to protect rights 
of various participants in electronic commerce and other electronic or electronic - 
facilitated transactions. Distributed and other operating systems, environments and 
architectures, such as, for example, those using tamper-resistant hardware -based 
processors, may establish security at each node. These techniques may be used to 
support an all-electronic information distribution, for example, utilizing the 
"electronic highway." 

30 Claims, 155 Drawing figures 
Exemplary Claim Number; 24 
Number of Drawing Sheets: 146 
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□ 6. Document ID: US 6415316 Bl 
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US-PAT-NO: 6415316 

DOCUMENT- IDENTIFIER: US 6415316 Bl 

** See image for Certificate of Correction ** 

TITLE: Method and apparatus for implementing a web page diary 
DATE -ISSUED: July 2, 2 002 
INVENTOR- INFORMATION : 

NAME CITY STATE ZIP CODE COUNTRY 

Van Der Meer; Joannes Jozef Everardus Amersfoort NL 

US -CL- CURRENT: 709/203; 705/8, 709/217, 713/166, 713/167, 715 / 501. 1 , 715/513, 
715/526 



ABSTRACT: 

A method and apparatus to create a "diary" containing multimedia references to 
contents of Websites. These references (also called addresses) can be to, for 
example, text, bookmarks, images, programs, movies, etc. Many content objects are 
provided via the Websites of "content providers," with the specific intent of 
making the content objects available to a user to place in his diary. Each diary 
page has a format specified by a cover. The cover is provided by a cover provider 
and specifies where on the diary page the diary owner can place his content. The 
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name "diary" arises because the invention preferably allows the user to save these 
references in association with dates and/or times. The pages of a user's diary may 
be navigated like a book, moving forward and backward through the pages or jumping 
to a particular page. In addition to storing references to Web information, the 
user can also jot down reminders, enter appointments, and birthdays, etc. for 
dates. A user is allowed to choose a visual "theme" for the pages of his diary. 
This theme can be changed at any time by the user and reflects how the user wants 
to present himself and his diary to the world. The user can set various levels of 
privacy for different portions of his diary. 

3 9 Claims, 3 3 Drawing figures 
Exemplary Claim Number : 1 
Number of Drawing Sheets: 23 



RevieiAi Classification 
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L12 : Entry 7 of 25 



File: USPT 



Apr 23, 2002 



US-PAT-NO: 6378075 
DOCUMENT- IDENTIFIER: 



US 6378075 Bl 



TITLE: Trusted agent for electronic commerce 
DATE-ISSUED: April 23, 2002 



INVENTOR- INFORMATION : 
NAME 

Goldstein; Theodore C. 
Martinez; Ronald G. 
Rubin; Paul 



CITY STATE 

Palo Alto CA 

San Francisco CA 

Milpitas CA 



ZIP CODE 



COUNTRY 



US -CL- CURRENT: 713/200; 705/64 



ABSTRACT : 



A trusted agent server provides a networked application that assists a customer in 
managing their online commercial affairs. A user contacts the server using a 
network access device, such as a browser on a personal computer. The trusted agent 
client component augments the user's network access device to perform business 
transactions on behalf of the user. The user controls these transactions through 
the trusted agent server. A trusted agent service is a trusted agent client 
component application which operates in conjunction with the trusted agent server. 
The trusted agent service is an Internet-based mechanism that makes single-click 
buying available on any commercial Web site. The trusted agent also provides 
customers with access to personal and credit card information used during single- 
click transactions, smart receipts used for ongoing customer support, merchant and 
product preference settings, and direct response product offerings keyed to these 
preferences. Because this information is all stored on the trusted agent server, it 
is available to any device connected to the Internet. The trusted agent service is 
implemented by operating the trusted agent server. 



22 Claims, 9 Drawing figures 
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n 8. Document ID: US 6374286 Bl 

L12: Entry 8 of 25 



File: USPT 



Apr 16, 2002 



US-PAT-NO: 6374286 

DOCUMENT- IDENTIFIER: US 6374286 Bl 

TITLE: Real time processor capable of concurrently running multiple independent 
JAVA machines 

DATE-ISSUED: April 16, 2002 



INVENTOR- INFORMATION : 
NAME 

Gee; John K. 
Greve; David A. 
Hardin; David S. 
Mass; Allen P. 
Masters; Michael H. 
Mykris; Nick M. 
Wilding; Matthew M. 



CITY 


STATE 


Mt . Vernon 
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ZIP CODE 
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US -CL- CURRENT: 718/108; 710 / 260 , 713/502, 718/1 



ABSTRACT: 



Multiple Java Virtual Machines (JVMs) operate on a single direct execution JAVA 
processor with each JVM operating in a separate time slice called a partition. Each 
JVM has its own data and control structures and is assigned a fixed area of memory. 
Each partition is also allotted a fixed period of time in which to operate, and, at 
the end of the allotted time, a context switch is forced to another JVM operating 
in the next partition. The context switch does not transfer control directly from 
one JVM to another JVM. Instead, at the end of a partition time period control is 
switched from the currently operating JVM to a "master JVM" during a time period 
called an "interstice." The master JVM handles system interrupts and housekeeping 
duties. At the end of the interstice time period, the master JVM starts a proxy 
thread associated with the next JVM to become operational. The proxy thread handles 
JVM-specif ic interrupts and checks the status of the associated JVM. If the JVM 
appears operational the proxy thread transfers control to the JVM thread. Time 
intervals such as partition times and interstice times are enforced by hardware 
timers and memory accesses are checked by address comparison circuitry to prevent a 
system failure due to a malfunction in either the master JVM or another JVM. 



25 Claims, 23 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets: 21 
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File: USPT 
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US-PAT-NO: 6363488 

DOCUMENT- IDENTIFIER: US 63 634 8 8 Bl 

** See image for Certificate of Correction ** 

TITLE: Systems and methods for secure transaction management and electronic rights 
protection 

DATE- ISSUED: March 26, 2002 



INVENTOR- INFORMATION : 
NAME 

Ginter; Karl L. 
Shear; Victor H. 
Spahn; Francis J. 
Van Wie; David M. 



CITY 


STATE 


Beltsville 


MD 


Bethesda 


MD 


El Cerrito 


CA 


Eugene 


OR 



ZIP CODE 



COUNTRY 



US -CL- CURRENT: 713 / 201 ; 705/14, 705/53 



ABSTRACT: 



The present invention provides systems and methods for secure transaction 
management and electronic rights protection. Electronic appliances such as 
computers equipped in accordance with the present invention help to ensure that 
information is accessed and used only in authorized ways, and maintain the. 
integrity, availability, and/or confidentiality of the information. Such electronic 
appliances provide a distributed virtual distribution environment (VDE) that may 
enforce a secure chain of handling and control, for example, to control and/or 
meter or otherwise monitor use of electronically stored or disseminated 
information. Such a virtual distribution environment may be used to protect rights 
of various participants in electronic commerce and other electronic or electronic - 
facilitated transactions. Distributed and other operating systems, environments and 
architectures, such as, for example, those using tamper-resistant hardware -based 
processors, may establish security at each node. These techniques may be used to 
support an all-electronic information distribution, for example, utilizing the 
"electronic highway." 

6 Claims, 155 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets: 146 
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US-PAT-NO: 6353892 

DOCUMENT- IDENTIFIER: US 6353892 Bl 

** See image for Certificate of Correction ** 

TITLE: Copy protection of digital images transmitted over networks 
DATE -ISSUED: March 5, 2 002 



INVENTOR- INFORMATION : 
NAME 

Schreiber; Daniel 
Goldman; Andrew 



CITY 

Beit Shemesh 
Beit Shemesh 



STATE ZIP CODE 



COUNTRY 

IL 

IL 



US -CL- CURRENT: 713/201 



ABSTRACT : 



A method for protecting digital images distributed over a network, including the 
steps of receiving a request from a client computer running a network browser, for 
an original layout page containing references to digital images therein, parsing 
the original layout page for the references to digital images, generating a 
modified layout page from the original layout page by replacing at least one of the 
references to digital images in the original layout page with references to 
substitute data, and sending the modified layout page to the client computer. A 
system is also described and claimed. 

32 Claims, 19 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets: 15 
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TITLE: Use of pseudocode to protect software from unauthorized use 
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NAME 
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Smith; Cyrus E. 
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CITY 
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US -CL- CURRENT: 713/200; 380 /255, 380/268, 713/201 
ABSTRACT : 
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Three methods are disclosed for protecting software applications from unauthorized 
distribution and use (piracy) . The first method involves using values generated by 
a conventional ESD (Electronic Security Device) to encrypt and/or decrypt user data 
(such as a file) that is generated and used by the application. In a preferred 
embodiment, the user data is encrypted (such as during a write to memory) using 
values returned by the ESD, and the user data is later decrypted using like values 
returned by a software -implemented ESD simulator. The second and third methods 
involve the use of special development tools that make the task of analyzing the 
application's copy protection code (such as the code used to encrypt and/or decrypt 
user data) significantly more difficult. Specifically, the second method involves 
using pseudocode to implement some or all of the application's copy protection 
functions. The pseudocode for a given function is generated (preferably in 
encrypted form) from actual code using a special development tool, and is then 
imbedded within the application together with a corresponding pseudocode 
interpreter. The interpreter fetches, decrypts and executes the pseudocode when the 
function is called. Because no disassemblers or other development tools exist for 
analyzing the pseudocode, the task of analyzing the copy protection functions 
becomes significantly more complex. The third method involves the use of a special 
obfuscation tool to convert the code for selected copy-protection functions into 
unnecessarily long, inefficient sequences of machine code. In one implementation of 
the obfuscation tool, the developer can control the quantity of code that is 
generated by specifying one or more control parameters. The three methods can also 
be used to protect software license management systems from security attacks. 

3 0 Claims, 14 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets: 11 
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□ 12. Document ID: US 6327661 Bl 

L12: Entry 12 of 25 File: USPT Dec 4, 2001 

US-PAT-NO: 6327661 

DOCUMENT- IDENTIFIER: US 6327661 Bl 

TITLE: Using unpredictable information to minimize leakage from smartcards and 
other cryptosystems 

DATE -ISSUED: December 4, 2 001 

INVENTOR- INFORMATION : 

NAME CITY STATE ZIP CODE COUNTRY 

Kocher; Paul C. San Francisco CA 

Jaffe; Joshua M. San Francisco CA 

•Jun; Benjamin C. Palo Alto CA 

US -CL- CURRENT: 713/193 ; 380/28, 380/46, 380/47, 713/322, 713/323, 713/501 
ABSTRACT : 

Methods and apparatuses are disclosed for securing cryptosystems against external 
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monitoring attacks by reducing the amount (and signal to noise ratio) of useful 
information leaked during processing. This is generally accomplished by 
incorporating unpredictable information into the cryptographic processing. Various 
embodiments of the invention use techniques such as reduction of signal to noise 
ratios, random noise generation, clock skipping, and introducing entropy into the 
order of processing operations or the execution path. The techniques may be 
implemented in hardware or software, may use a combination of digital and analog 
techniques, and may be deployed in a variety of cryptographic devices. 

3 6 Claims, 2 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets : 2 
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TITLE: Method and system for copyright protection of digital images transmitted 
over networks 

DATE-ISSUED: October 2, 2001 



INVENTOR- INFORMATION : 
NAME 

Schreiber; Daniel 
Goldman; Andrew 



CITY 

Beit Shemesh 
Beit Shemesh 



STATE 



ZIP CODE 



COUNTRY 

IL 

IL 



US -CL- CURRENT: 713/201; 713/200 



ABSTRACT : 



A method for protecting digital images distributed over a network, including the 
steps of receiving a request from a client computer running a network browser, for 
an original layout page containing references to digital images therein, parsing 
the original layout page for the references to digital images, generating a 
modified layout page from the original layout page by replacing at least one of the 
references to digital images in the original layout page with references to 
substitute data, and sending the modified layout page to the client computer. A 
system is also described and. claimed. 

12 Claims, 19 Drawing figures 
Exemplary Claim Number : 1 
Number of Drawing Sheets : 14 
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□ 14. Document ID: US 6282573 Bl 

L12 : Entry 14 of 25 



File: USPT 



Aug 28, 2001 



US-PAT-NO: 6282573 
DOCUMENT- IDENTIFIER : 



US 6282573 Bl 



TITLE: Computer architecture for managing courseware in a shared use operating 
environment 



DATE- ISSUED: August 28, 2 001 

INVENTOR- INFORMATION : 
NAME 

Darago; Vincent S. 
Jenkins; Christopher 



CITY 

Manasquan 
Springville 



STATE 

NJ 

UT 



ZIP CODE 



COUNTRY 



US -CL- CURRENT: 709 / 229 ; 709/217, 713/201 



ABSTRACT : 



Methods, devices, and systems are provided in a multi- level computer architecture 
which provides improved capabilities for managing courseware and other content in a 
shared use operating environment such as a computer network. In particular, the 
invention provides a commercial networked instruction content delivery method and 
system which does not exclude synchronous sharing but is focused on asynchronous 
sharing. Security in the architecture provides content property holders with the 
ability to know how many minutes of use an individual made of licensed material and 
with increased certainty that their material cannot be used, copied, or sold in 
usable form unless lo and until a user site is connected or reconnected to a 
minute-by-minute counter which is located off the premises of the user. This 
security link helps protect software and other works which are being sold or 
licensed to an individual, organization, or entity, and creates income 
opportunities for owners of such content. 
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ABSTRACT: 

Untrusted executable code programs (applets or controls) are written in native, 
directly executable code. The executable code is loaded into a pre-allocated memory 
range (sandbox) from which references to outside memory are severely restricted by 
checks (sniff code) added to the executable code. Conventional application-program 
interface (API) calls in the untrusted code are replaced with translation-code 
modules (thunks) that allow the executable code to access the host operating 
system, while preventing breaches of the host system's security . Static links in 
the code are replaced by calls to thunk modules. When an API call is made during 
execution, control transfers to the thunk, which determines whether the API call is 
one which should be allowed to execute on the operating system. 

20 Claims, 4 Drawing figures 
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Number of Drawing Sheets: 4 



US-PAT-NO: 6253326 

DOCUMENT- IDENTIFIER: US 6253326 Bl 

TITLE: Method and system for secure communications 
DATE- ISSUED: June 2 6, 2 001 
INVENTOR- INFORMATION : 

NAME CITY STATE ZIP CODE COUNTRY 

Lincke; Scott D. San Carlos CA 

Marianetti, II; Ronald Morgan Hill CA 

US -CL- CURRENT: 713/201; 380/255, 380/270, 713/168, 713/200 



A communications system and methods for securely transmitting a message between a 
wireless client and a proxy server are provided. A method for transmitting a 
message from the wireless client to a proxy server is provided. The message 
includes at least one packet of data and is encrypted using a data encryption key. 
The data encryption key is encrypted using a proxy server public key prior to 
sending the encrypted data encryption key to the proxy server. A method for 
transmitting a message from the proxy server to the wireless client is also 
provided. The proxy server recovers the data encryption key using the proxy server 
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private key corresponding to the proxy server public key. The proxy server encrypts 
the message using the data encryption key and transmits the encrypted message to 
the wireless client. A communications system for secure communications comprising a 
source of data, a proxy server and a wireless client is also provided. Each 
transaction in the communications system comprises at least one recjuest message and 
at least one response message. For each transaction, the wireless client encrypts a 
data encryption key using a proxy server public key. Messages exchanged between the 
wireless client and the proxy server are encrypted using the transaction specific 
data encryption key. 
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ABSTRACT: 



A method for protecting an operating environment on a processor from a rogue 
program operating on the processor comprising isolating simultaneously executing 
programs or operating systems is disclosed. Memory space for use only by the first 
program while the first program is executing is allocated. Communication between 
the first program and the computer's operating environment is accomplished through 
a single link employing one of several methods including using shared memory space, 
a dedicated interrupt or a dedicated I/O port. The monitor manages a restricted 
operating environment for the first program on the processor, the restricted 
operating environment preventing the first program from accessing resources on the 
processor except for the allocated memory space the single communication link. 
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The present invention defines a means for establishing a secure connection between 
a Java Applet and a secure web server for protocols other than Https via the use of 
a Java Security Service. More specifically, the present invention uses the web 
browser's installed certificates to setup and establish an encrypted session 
between the Java Applet and the secure web server. The secure connection is then 
used to retrieve the certificates required by the Java security service. 
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us -CL- CURRENT: 714/30; 713/400, 713/500, 713/503, 714/54, 714/55, 714/731 



ABSTRACT : 



A system, method and apparatus including a logic module, preferably embodied as an 
electronic card that operates in combination with a PC to correct errors caused by 
deficiencies existing in logic residing on the PC's motherboard, such as the PC's 
BIOS. The preferred logic card includes a transceiver module, a memory module (e.g. 
an EPROM or Masked ROM) containing storage elements and executable code stored as 
pages. The preferred logic card also includes a page register module in 
communication with the transceiver and the memory, and a paging mechanism that 
cooperates with the page register and the transceiver for allowing only a 
predetermined number of bytes (pages) of executable code to be accessible for 
operation in the PC's main-memory in order to correct errors caused by deficiencies 
existing in logic residing on the PC's motherboard. 
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US -CL- CURRENT: 705 /54; 705 /26, 713 / 167 
ABSTRACT: 

The present invention provides systems and methods for secure transaction 
management and electronic rights protection. Electronic appliances such as 
computers equipped in accordance with the present invention help to ensure that 
information is accessed and used only in authorized ways, and maintain the 
integrity, availability, and/or confidentiality of the information. Such electronic 
appliances provide a distributed virtual distribution environment (VDE) that may 
enforce a secure chain of handling and control, for example, to control and/or 
meter or otherwise monitor use of electronically stored or disseminated 
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information. Such a virtual distribution environment may be used to protect rights 
of various participants in electronic commerce and other electronic or electronic- 
facilitated transactions. Distributed and other operating systems/ environments and 
architectures, such as, for example, those using tamper-resistant hardware -based 
processors, may establish security at each node. These techniques may be used to 
support an all-electronic information distribution, for example, utilizing the 
"electronic highway." 
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The present invention is a method of creating a secure sandbox within which a 
plurality of downloaded software components can execute in a secure manner. The 
software components can be of any type, e.g., Java, ActiveX, Netscape plugin, etc. 
The invention implements a security monitor that is injected to the address space 
of an arbitrary monitored application such as a Web browser, e.g., Internet 
Explorer, Netscape Navigator, etc. The monitored application then executes in a 
secure mode in which every software component downloaded executes in a secure 
sandbox. The security monitor detects when such a software component is downloaded 
and is operative to create the sandbox around it before it is permitted to execute. 
If the software component attempts to commit an action that breaches security, it 
halts the software component's execution and issues a warning to the user. The 
security monitor detects attempted security breaches by the software component in 
accordance with a user configurable security policy. Such a policy may include 
limiting file read/write access, access to directories, disk access, creation and 
the reading/writing of network connections, access to system resources and services 
and access to the address spaces of other processes. 
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ABSTRACT : 



The present invention provides systems and methods for secure transaction 
management and electronic rights protection. Electronic appliances such as 
computers equipped in accordance with the present invention help to ensure that 
information is accessed and used only in authorized ways, and maintain the 
integrity, availability, and/or confidentiality of the information. Such electronic 
appliances provide a distributed virtual distribution environment (VDE) that may 
enforce a secure chain of handling and control, for example, to control and/or 
meter or otherwise monitor use of electronically stored or disseminated 
information. Such a virtual distribution environment may be used to protect rights 
of various participants in electronic commerce and other electronic or electronic- 
facilitated transactions. Distributed and other operating systems, environments and 
architectures, such as, for example, those using tamper-resistant hardware -based 
processors, may establish security at each node. These techniques may be used to 
support an all -electronic information distribution, for example, utilizing the 
"electronic highway." 
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ABSTRACT : 



The present invention provides systems and methods for secure transaction 
management and electronic rights protection. Electronic appliances such as 
computers equipped in accordance with the present invention help to ensure that 
information is accessed and used only in authorized ways, and maintain the 
integrity, availability, and/or confidentiality of the information. Such electronic 
appliances provide a distributed virtual distribution environment (VDE) that may 
enforce a secure chain of handling and control, for example, to control and/or 
meter or otherwise monitor use of electronically stored or disseminated 
information. Such a virtual distribution environment may be used to protect rights 
of various participants in electronic commerce and other electronic or electronic- 
facilitated transactions. Distributed and other operating systems, environments and 
architectures, such as, for example, those using tamper-resistant hardware-based 
processors, may establish security at each node. These techniques may be used to 
support an all-electronic information distribution, for example, utilizing the 
"electronic highway." 
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ABSTRACT: 

The present invention provides systems and methods for electronic commerce 
including secure transaction management and electronic rights protection. 
Electronic appliances such as computers employed in accordance with the present 
invention help to ensure that information is accessed and used only in authorized 
ways, and maintain the integrity, availability, and/or confidentiality of the 
information. Secure subsystems used with such electronic appliances provide a 
distributed virtual distribution environment (VDE) that may enforce a secure chain 
of handling and control, for example, to control and/or meter or otherwise monitor 
use of electronically stored or disseminated information. Such a virtual 
distribution environment may be used to protect rights of various participants in 
electronic commerce and other electronic or electronic-facilitated transactions. 
Secure distributed and other operating system environments and architectures, 
employing, for example, secure semiconductor processing arrangements that may 
establish secure, protected environments at each node. These techniques may be used 
to support an end-to-end electronic information distribution capability that may be 
used, for example, utilizing the "electronic highway." 

220 Claims, 177 Drawing figures 
Exemplary Claim Number : 1 
Number of Drawing Sheets: 163 



US-PAT-NO: 5870544 

DOCUMENT- IDENTIFIER: US 5870544 A 

TITLE: Method and apparatus for creating a secure connection between a java applet 
and a web server 

DATE- ISSUED: February 9, 1999 

INVENTOR- INFORMATION : 

NAME CITY STATE ZIP CODE COUNTRY 

Curtis; Bryce Allen Round Rock TX 

US -CL- CURRENT: 713/201; 709/229, 713/150, 713/151, 713/156, 713/200 




H 




□ 25. Document ID: US 5870544 A 

L12: Entry 25 of 25 



File: USPT 



Feb 9, 1999 



http://westbrs:9000/bin/gate.exe?^TOC&state=6t076m. 1 3&re^l2&dbname=USPT&ESNA... 3/14/05 



Record List Display 



Page 21 of 21 



ABSTRACT : 

The present invention defines a a method, an apparatus and a computer program 
product for establishing a secure connection between a Java Applet and a secure web 
server for protocols other than Https via the use of a Java Security Service. More 
specifically, the present invention uses the web browser's installed certificates 
to setup and establish an encrypted session between the Java Applet and the secure 
web server. The secure connection is then used to retrieve the certificates 
required by the Java security service. 
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Exemplary Claim Number: 1 
Number of Drawing Sheets: 4 
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ABSTRACT : 



A method and apparatus for automatically configuring a network switch having 
external network data ports, a processor, and memory. Network data is monitored on 
the external network data port. Information about the network data traffic is 
compared to one or more threshold conditions. The network switch is automatically 
configured if the network data meets one of the threshold conditions. The monitor 
and configuration functions can be performed by software running on the processor 
which has been downloaded from an external network maintenance station through a 
maintenance data port. Information about the network data traffic can be uploaded 
to the external network maintenance station through a maintenance data port. 
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ABSTRACT: 



A computer system for generating and analyzing application trace data includes a 
monitor for launching Java language virtual machines using the Java Platform Debug 
Architecture to enable the virtual machines to generate event data on the 
occurrence of specified events during application execution on the virtual 
machines. The event data is placed on an event queue and the monitor removes the 
event data from the event queue for forwarding to a logging service. The logging 
service records the event data in a trace file. A set of problem determination 
tools use defined product description, and the trace file data to provide an 
analysis to a user based on a defined level of analysis selected by the user from 
product, component, code and logical levels of analysis. 
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An object -based multi- threaded computing system has a cyclic garbage collection 
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strategy and includes an object locking system having (i) a first mode in which 
access by a single thread without contention to an object is controlled by a 
monitor internal to said object, and (ii) a second mode in which access by multiple 
threads with contention to said object is controlled by a monitor external to said 
object. For any given object a transition from the first mode to the second mode is 
termed inflation, and a transition from the second mode to the first mode is termed 
deflation. Responsive to the start of a period of contention for an object in said 
first mode, the object is inflated to the second mode, and an inflation rate 
counter is incremented. After the period of contention has concluded the value of 
the inflation rate counter is compared against a predetermined value in order to 
determine whether or not to deflate the object. The inflation rate counter is reset 
at every garbage collection cycle. 
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ABSTRACT : 

A system for monitoring and managing devices on network comprising one or more 
managed devices connected to the network and storage means for storing a device 
management application program associated with each of the managed devices. The 
system further includes a management station which is in communication with each of 
the managed devices across the network, and the management station is in 
communication with the storage means. When a user wishes to monitor, configure, or 
manage one of the managed devices on the network, the user preferably selects the 
managed device to be managed and the management station retrieves from the storage 
means the device management application program associated with the selected 
managed device. By the management station processing the management application 
program for the selected managed device, the management station allows the user to 
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monitor the status of the managed device, as well as change the configuration of 
and fix errors with the managed device. 
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An object-oriented compiler/interpreter allocates monitor records for use in 
implementing synchronized operations on objects. When a synchronization operation 
is to be performed on an object, a thread that is to perform the operation 
"inflates" the object's monitor by placing into its header a pointer to the monitor 
record as well as an indication of the monitor' s inflated status. When a thread is 
to release its lock on an object, it first consults a reference -count field in the 
monitor record to determine whether any other threads are synchronized on the 
object. It then dissociates the object from the monitor record. The dissociation is 
not atomic with the reference-count check, so the releasing thread checks the 
reference count again. If that count indicates that further objects had employed 
the monitor record to synchronize on the object in the interim, then the unlocking 
thread wakes all waiting threads. 
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US -CL- CURRENT: 717/130; 717/124, 717/127 
ABSTRACT: 

This invention describes a system and method for monitoring the execution of hybrid 
source code such as JavaServer Pages (JSP) code. The system comprises a page 
compiler, which is called by a server for translating JSP code into a servlet for 
execution by the server. The page compiler during translation of the JSP code 
inserts instrumentation in the compiled JSP code for supporting execution tracing 
by an execution monitor . The execution monitor receives outputs from the page 
compiler, the servlet and the raw JSP code for displaying selected information 
about the execution of the JSP code to the developer on a graphical user interface. 
The execution monitor thus allows the developer to view the correlation between the 
JSP code, the servlet code and the HTML code that is generated by the servlet. 

24 Claims, 6 Drawing figures 
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us -CL- CURRENT: 717/151; 713/375, l\l/\21 



ABSTRACT : 

A system and method for isolating the execution of a plurality of applications. A 
plurality of monitors are provided for a plurality of applications to access a 
static synchronized method. The applications are enabled to call the static 
synchronized method concurrently by accessing the static synchronized method 
through the plurality of monitors. A plurality of threads within one of the 
applications are excluded from calling the static synchronized method concurrently. 
The source code or bytecode for the synchronized method may be transformed by 
removing a method-level monitor and adding the plurality of monitors inside the 
method. In one embodiment, each static synchronized method is replaced with a 
corresponding static non- synchronized method. The applications may be further 
isolated by placing the static fields of shared classes into a static field class, 
which has one instance per utilizing application. The static non -synchronized 
method includes the body of the corresponding static synchronized method, wherein 
the body is synchronized on the instance of the static field class that corresponds 
to the utilizing application. 

30 Claims, 11 Drawing figures 
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ABSTRACT : 

A memory architecture in accordance with an embodiment of the present invention 
improves the speed of method invocation. Specifically, method frames of method 
calls are stored in two different memory circuits. The first memory circuit stores 
the execution environment of each method call, and the second memory circuit stores 
parameters, variables or operands of the method calls. In one embodiment the 
execution environment includes a return program counter, a return frame, a return 
constant pool, a current method vector, and a current monitor address. In some 
embodiments, the memory circuits are stacks; therefore, the stack management unit 
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to cache can be used to cache either or both memory circuits. The stack management 
unit can include a stack cache to accelerate data transfers between a stack-based 
computing system and the stacks. In one embodiment, the stack management unit 
includes a stack cache, a dribble manager unit, and a stack control. The dribble 
manager unit include fill control it and a spill control unit. Since the vast 
majority of memory accesses to the stack occur at or near the top of the stack, the 
dribble manager unit maintains the top portion of the stack in the stack cache. 
When the stack-based computing system is popping data off of the stack and a fill 
condition occurs, the fill control unit transfer data from the stack to the bottom 
of the stack cache to maintain the top portion of the stack in the stack cache. 
Typically, a fill condition occurs as the stack cache becomes empty and a spill 
condition occurs as the stack cache becomes full. 

56 Claims, 17 Drawing figures 
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The provides improved control devices, systems and methods for operation thereof. 
These rely on control devices that provide virtual machine environments in which 
Java objects, or other such software constructs, are executed to implement control 
(e.g., to monitor and/or control a device, process or system). These objects define 
blocks which are the basic functional unit of the control. They also define the 
input, output and body parts from which blocks are formed, and the signals that are 
communicated between blocks. The objects also define nested and composite groupings 
of blocks used to control loops and higher-level control functions. 

72 Claims, 18 Drawing figures 
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ABSTRACT: 



A system and method for monitoring and managing devices on a network. The system 
and method preferably comprises a proxy server connected to the network and a 
managed device connected to the proxy server. The system further comprises storage 
means for storing a device management application program associated with the 
managed device, and a management station in communication with the managed device 
via the proxy server and in communication with the storage means. The management 
station preferably is configured to retrieve the device management application 
program from the storage means and process the device management application 
program. As the management station processes the device management application 
program, the management station is able to monitor and manage the managed device. 
In particular, the management station can send management commands to a controller 
of the managed device via the proxy server, and the management station can receive 
notifications from the managed device, also via the proxy server. 

2 Claims, 16 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets : 13 



Citation Front RevieiAj Classification Date Reference 



□ 11. Document ID: US 6327700 Bl 

L6: Entry 11 of 15 



File: USPT 



Dec 4, 2001 



US-PAT-NO: 6327700 



http://westbrs:9000/bin/gate.exe?f^TOC&state=6t076m.7&ref^6&dbname=USPT&ESNAM... 3/14/05 



Record List Display 



Page 9 of 13 



DOCUMENT- IDENTIFIER: US 6327700 Bl 



TITLE: Method and system for identifying instrumentation targets in computer 
programs related to logical transactions 

DATE-ISSUED: December 4, 2001 



INVENTOR- INFORMATION : 
NAME 

Chen; J . Bradley 
Bershad; Brian N. 



CITY 

Seattle 

Seattle 



STATE 

WA 

WA 



ZIP CODE 



COUNTRY 



US -CL- CURRENT: 717/127; 717 / 130 



ABSTRACT : 

A method and system for identifying sets of instructions within a computer program, 
execution of which serve as an indicator for processing of a transaction by the 
computer program and that together comprise a witness set. The witness set may be 
employed to monitor execution of the computer program and detect processing of the 
transaction. Witness sets are constructed by iteratively filtering an initial set 
of instructions based on profile data collected during execution of the computer 
program. 

2 8 Claims, 4 Drawing figures 
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An object structure's header (40) allocates a two-bit synchronization-state field 
(42) solely to monitor data for implementing synchronization on that object. When 
the object is locked by a particular execution thread, or when one or more 
execution threads are waiting for a lock or notification on that object, its header 
contains a pointer to monitor resources in the form of a linked list of lock 
records (50, 52, 54) associated with the threads involved. The synchronization- 
state field (42) ordinarily contains an indication of whether such a linked list 
exists and, if so, whether its first member is associated with a thread that has a 
lock on the object. When a thread attempts to gain access to that linked list, it 
employs an atomic swap operation to place a special busy value in that lock- state 
field (42) and write its execution -environment pointer into the object's header 
(40) . If the previous value of that field was not the special busy value, the 
thread uses the header's previous contents to perform its intended synchronization 
operation. Otherwise, it obtains that information through its own execution 
environment (44, 46, or 48) or that of the thread whose identifier the object 
header previously contained. When the thread completes its synchronization 
operation, it employs an atomic compare -and -swap operation to write the results 
into the object's header if that header still contains the thread identifier that 
the thread originally wrote there. Otherwise, it communicates that information to 
its successor thread if the thread identifier is different and thereby indicates 
that at least one successor is contending for access to the linked list. 
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ABSTRACT : 

A method and apparatus for automatically configuring a network switch having 
external network data ports, a processor, and memory. Network data is monitored on 
the external network data port. Information about the network data traffic is 
compared to one or more threshold conditions. The network switch is automatically 
configured if the network data meets one of the threshold conditions. The monitor 
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and configuration functions can be performed by software running on the processor 
which has been downloaded from an external network maintenance station through a 
maintenance data port. Information about the network data traffic can be uploaded 
to the external network maintenance station through a maintenance data port. 
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ABSTRACT : 



An object structure's header (40) allocates a two-bit synchronization-state field 
(42) solely to monitor data for implementing synchronization on that object. When 
the object is locked by a particular execution thread, or when one or more 
execution threads are waiting for a lock or notification on that object, its header 
contains a pointer to monitor resources in the form of a linked list of lock 
records (50, 52, 54) associated with the threads involved. The synchronization- 
state field (42) ordinarily contains an indication of whether such a linked list 
exists and, if so, whether its first member is associated with a thread that has a 
lock on the object. When a thread attempts to gain access to that linked list, it 
employs an atomic swap operation to place a special busy value in that lock- state 
field (42) and write its execution -environment pointer into the object's header 
(40) . If the previous value of that field was not the special busy value, the 
thread uses the header's previous contents to perform its intended synchronization 
operation. Otherwise, it obtains that information through its own execution 
environment (44, 46, or 48) or that of the thread whose identifier the object 
header previously contained. When the thread completes its synchronization 
operation, it employs an atomic compare -and- swap operation to write the results 
into the object's header if that header still contains the thread identifier that 
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the thread originally wrote there. Otherwise, it communicates that information to 
its successor thread if the thread identifier is different and thereby indicates 
that at least one successor is contending for access to the linked list. 
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US -CL- CURRENT: 709 / 232 ; 709 / 223 , 709 / 224 , 709 / 235 , 709 / 238 
ABSTRACT: 

A method and apparatus for automatically configuring a network switch having 
external network data ports, a processor, memory, data bus, and coprocessor. 
Network data is monitored on the external network data port. Information about the . 
network data traffic is compared to one or more threshold conditions. The network 
switch is automatically configured by the coprocessor if the network data meets one 
of the threshold conditions. The monitor and configuration functions can be 
performed by software running on the coprocessor which has been downloaded from an 
external network maintenance station through a maintenance data port. Information 
about the network data traffic can be uploaded to the external network maintenance 
station through a maintenance data port . 
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TITLE: Process for rewriting executable content on a network server or desktop 
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ABSTRACT: 



A program or program snippet is rewritten to conform to site-specific properties 
prior to being executed by a target host. The program or program snippet directed 
to a target host from a known or unknown source is either intercepted by a server 
before reaching the target host or can be redirected from the target host to the 
server to effect its rewriting. The program is parsed in its external 
representation, converting it to an internal representation that is inspected and 
analyzed with reference to a site-specific properties database. A summary of the 
program's properties is then compared to the site-specific properties database by a 
binary rewriting engine, which produces a rewritten program in an internal 
representation. If appropriate, the program or program snippet is rewritten to 
convert it to a format suitable for execution on the target host. Furthermore, 
certifications may be added to the rewritten program to mark that the rewritten 
program obeys site-specific constraints. The rewriting service thus produces a 
program in an appropriate target representation that conforms to site-specific 
properties. These properties may relate to security, auditing, optimization, 
monitoring, threading, and/or management of the rewritten program. 
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ABSTRACT: 



Embodiments of message gates are described. A message gate is the message endpoint 
for a client or service in a distributed computing environment. A message gate may 
provide a secure endpoint that sends and receives type-safe messages. Gates may 
perform the sending and receiving of messages between clients and services using a 
protocol specified in a service advertisement. In one embodiment, the messages are 
extensible Markup Language (XML) messages. For a client, a message gate represents 
the authority to use some or all of a service's capabilities. Each capability may 
be expressed in terms of a message that may be sent to the service. Creation of a 
message gate may involve an authentication service that generates an authentication 
credential, and that may negotiate the desired level of security and the set of 
messages that may be passed between client and service. A message gate may perform 
verification of messages against a message schema to ensure that the messages are 
allowed. Message gates may embed the authentication credential in outgoing messages 
so that the receiving message gate may authenticate the message. Messages may also 
include information to allow the receiving gate to verify that the message has not 
been compromised prior to receipt. 
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ABSTRACT : 

In a distributed computing environment, a message gate may be the message endpoint 
for a client or service to communicate with another client or service. Devices may 
have a gate factory (e.g. message endpoint constructor) that is trusted code on the 
device for generating gates based on XML message descriptions. The use of the gate 
factory may ensure that the gate it generates is also trusted code, and that the 
code is correct with respect to a service advertisement. A service advertisement 
may indicate, for a particular service, a message schema, service URI and 
authentication service URI. In one embodiment, the pieces the gate factory needs to 
construct a gate are the XML schema of the service and the URI of the service. In 
another embodiment, an authentication credential may also be obtained and used in 
gate construction by running an authentication service specified in the service 
advertisement. A gate factory for a device may generate gate code that may 
incorporate the language, security, type safety, and/or execution environment 
characteristics of the local device platform. By constructing gates itself, a 
device has the ability to ensure that the generated gate code is relatively bug- 
free, produces only valid data, and provides type- safety. 
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Abdelnur; Alejandro Sunnyvale CA 

Gupta; Abhay Milpitas CA 

Callaghan; Brent Mountain View CA 

US -CL- CURRENT: 713/201; 709/229 
ABSTRACT : 

A method and apparatus for sharing resources in a network environment. An 
application running on a client can access a resource on a remote computer by 
submitting a request via an Internet browser. The request is analyzed, converted to 
proper format and is transferred over the network lines to a server that can 
satisfy the request. For security reasons, an application may not be authorized to 
submit a request directly to a server on the Internet. If a requesting application 
has a trusted status, then its request for connecting to the server is granted. If 
a request submitted by an application to a server is denied, then a server that 
entrusts the application is identified, and the request is submitted to that 
server. A program code called a "servlet" is implemented on that server to accept 
the requests submitted by a trusted application. The submitted requests are 
analyzed by the servlet and are forwarded to a resource server that can satisfy the 
requests. A response from the resource server is routed through the servlet back to 
the requesting application. 
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ABSTRACT: 

A method and apparatus for packaging and distributing software. Embodiments of the 
invention comprise a software packaging system that is portable across many 
platforms. Each package is self-contained in form of a single-file entity that 
comprises a payload file and a control file. The payload file is an archive file 
that contains a compressed collection of all the software files that are required 



http://westbrs:9000/bin/gate.exe?f^TOC&state=6t076m.6&ref^5&dbname 3/14/05 



Record List Display 



Pages of 13 



for installation of the software package. The control file includes the necessary 
information for installation of the files contained in the payload file, in 
addition to other descriptive information used to determine the size, type, 
location of storage, and other useful attributes of a software package, even before 
it is installed on a system. Security measures have been implemented in the system 
to detect a package the contents of which have been tampered with. Embodiments of 
the invention can be utilized to install packaged software that is accessible via 
the Internet. A package on a remote source can be accessed and installed using a 
Uniform Resource Locator (URL) that indicates the package's specific address on the 
remote source. Embodiments of the invention are designed such that the entire 
system is small in size so that the storage space and the transmission bandwidth 
required for their storage or transportation are minimized. Embodiments of the 
invention may be used to install, remove or update a software package. 
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ABSTRACT: 



The present invention provides obfuscation techniques for enhancing software 
security . In one embodiment, a method for obfuscation techniques for enhancing 
software security includes selecting a subset of code (e.g., compiled source code 
of an application) to obfuscate, and obfuscating the selected subset of the code. 
The obfuscating includes applying an obfuscating transformation to the selected 
subset of the code. The transformed code can be weakly equivalent to the 
untransformed code. The applied transformation can be selected based on a desired 
level of security (e.gi, resistance to reverse engineering). The applied 
transformation can include a control transformation that can be creating using 
opaque constructs, which can be constructed using aliasing and concurrency 
techniques . Accordingly, the code can be obfuscated for enhanced software security 
based on a desired level of obfuscation (e.g., based on a desired potency. 
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ABSTRACT : 



The Virtual Machine is viewed by many as inherently insecure despite all the 
efforts to improve its security . This invention provides methods, apparatus, and 
computer products to implement a system that provides operating system style 
protection for code. Although applicable to many language systems, the invention is 
described for a system employing the Java language. Hardware protection domains are 
used to separate Java classes, provide access control on cross domain method 
invocations, efficient data sharing between protection domains, and memory and CPU 
resource control. Apart from the performance impact, these security measures are 
all transparent to the Java programs, even when a subclass is in one domain and its 
superclass is in another, when they do not violate the policy. To reduce the 
performance impact, classes are grouped and shared between protection domains and 
map data lazily as it is being shared. The system has been implemented on top of 
the Paramecium operating system used as an example of an extensible operating 
system application. 
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ABSTRACT: 

A secured system for accessing application services from at least one application 
program where at least one client station having low-level application independent 
logics stored therein and at least one controller for controlling the low- level 
application independent logics, the low-level application logics including a user 
interface logic, a device control logic for controlling devices, a file system 
logic, and a communication interface logic, and wherein at least one client station 
has means to restrict access to said application independent logics, at least one 
application server having high-level application logic stored in a server device 
for running at least one application program, the server device being coupled to 
said at least one application server and low-level interface between said at least 
one client station and said at least one server for connecting said at least one 
client station to said at least one application server, wherein upon accessing by 
said at least one client station, said at least one application server runs at 
least one application program which selectively controls said low-level application 
independent logics for controlling devices of said at least one client station and 
accessing data of said at least one client station without permanently storing said 
at least one client station data in said at least one server. There is also a 
description of a secure operating system and method and a secured system and method 
of construction of a computer system as well as description of system and method of 
how to preserve a running current state of an application program for security and 
relocation purpose. 
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ABSTRACT : 

A system, method and article of manufacture are provided for managing an 
environment in a development architecture framework. Service of a system is managed 
based on service level agreements and/or operations level agreements. A plurality 
of system management operations are performed. The system management operations 
include start-up and shut-down operations, back-up and restore operations, 
archiving operations, security operations, and performance monitoring operations. 
Service is planned in order to anticipate and implement changes in the system. 
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A system, method, and article of manufacture are provided for providing security 
management in a development architecture framework. Unauthorized attempts to access 
a network are detected and when an unauthorized attempt to access the network is 
detected, a user is notified. Access from the network is restricted to a separate 
wide area network. The identities of users of credit cards are verified during 
transactions carried out over the network. The content of electronic mail 
communicated over the network is also monitored so that the communication of the 
electronic mail over the network is prevent when the content thereof being deemed 
inappropriate. The electronic mail is also encrypted during the communication 
thereof over the network. 
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Untrusted executable code programs (applets or controls) are written in native, 
directly executable code. The executable code is loaded into a pre -allocated memory 
range (sandbox) from which references to outside memory are severely restricted by 
checks (sniff code) added to the executable code. Conventional application-program 
interface (API) calls in the untrusted code are replaced with translation-code 
modules (thunks) that allow the executable code to access the host operating 
system, while preventing breaches of the host system's security . Static links in 
the code are replaced by calls to thunk modules. When an API call is made during 
execution, control transfers to the thunk, which determines whether the API call is 
one which should be allowed to execute on the operating system. 
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ABSTRACT: 

A network scanner for security checking of application programs (e.g. Java applets 
or Active X controls) received over the Internet or an Intranet has both static 
(pre-run time) and dynamic (run time) scanning. Static scanning at the HTTP proxy 
server identifies suspicious instructions and instruments them e.g. a pre-and-post 
filter instruction sequence or otherwise. The instrumented applet is then 
transferred to the client (web browser) together with security monitoring code. 
During run time at the client, the instrumented instructions are thereby monitored 
for security policy violations, and execution of an instruction is prevented in the 
event of such a violation. 
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ABSTRACT : 

A method and apparatus for sharing resources in a network environment. Typically, a 
computer linked to the Internet may have resources or may provide services, that 
are usable by other computers. A user, using one or more embodiments of the 
invention, can access those resources or services as if they were locally situated. 
An application running on a client can access a resource on a remote computer by 
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submitting a request via an Internet browser. The request is analyzed, converted to 
proper format and is transferred over the network lines to a server that can 
satisfy the request. For security reasons, an application may not be authorized to 
submit a request directly to a server on the Internet. For example, limitations 
have been implemented that prohibit a requesting application from obtaining access 
to resources of a server computer unless that application is a trusted application. 
If a requesting application has a trusted status, then its request for connecting 
to the server is granted. If a request submitted by an application to a server is 
denied, then a server that entrusts the application is identified, and the request 
is submitted to that server. A program code called a "servlet" is implemented on 
that server to accept the requests submitted by a trusted application. The 
submitted requests are analyzed by the servlet and are forwarded to a resource 
server that can satisfy the requests. A response from the resource server is routed 
through the servlet back to the requesting application. 

51 Claims, 7 Drawing figures 
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ABSTRACT : 

A method and apparatus for timely delivery of classes and objects is provided. A 
header comprising timing information is attached to said classes and/or objects. A 
"start loading" time and a "load by" time are specified in the header. Other 
classes and/or objects to be loaded are also specified in the header. Optional 
compression, security, and/or error resilience schemes are also specified in the 
header. A process for creating the header and attaching it to a class or object is 
provided. A process for receiving and processing a class or object with an attached 
header is provided. Embodiments of the invention allow timely delivery of classes 
and/or objects over a wide variety of transport mechanisms, including unreliable 
transport mechanisms and those lacking any guarantees of timely delivery. 
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ABSTRACT : 

A network scanner for security checking of application programs (e.g. Java applets 
or Active X controls) received over the Internet or an Intranet has both static 
(pre-run time) and dynamic (run time) scanning. Static scanning at the HTTP proxy 
server identifies suspicious instructions and instruments them e.g. a pre-and-post 
filter instruction sequence or otherwise. The instrumented applet is then 
transferred to the client (web browser) together with security monitoring code. 
During run time at the client, the instrumented instructions are thereby monitored 
for security policy violations, and execution of an instruction is prevented in the 
event of such a violation. 
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ABSTRACT : 



A computer system for generating and analyzing application trace data includes a 
monitor for launching Java language virtual machines using the Java Platform Debug 
Architecture to enable the virtual machines to generate event data on the 
occurrence of specified events during application execution on the virtual 
machines. The event data is placed on an event queue and the monitor removes the 
event data from the event queue for forwarding to a logging service. The logging 
service records the event data in a trace file. A set of problem determination 
tools use defined product description, and the trace file data to provide an 
analysis to a user based on a defined level of analysis selected by the user from 
product, component, code and logical levels of analysis. 
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ABSTRACT : 

The present invention provides obfuscation techniques for enhancing software 
security. In one embodiment, a method for obfuscation techniques for enhancing 
software security includes selecting a subset of code (e.g., compiled source code 
of an application) to obfuscate, and obfuscating the selected subset of the code. 
The obfuscating includes applying an obfuscating transformation to the selected 
subset of the code. The transformed code can be weakly equivalent to the 
untransf ormed code. The applied transformation can be selected based on a desired 
level of security (e.g., resistance to reverse engineering). The applied 
transformation can include a control transformation that can be creating using 
opaque constructs, which can be constructed using aliasing and concurrency 
techniques. Accordingly, the code can be obfuscated for enhanced software security 
based on a desired level of obfuscation (e.g., based on a desired potency, 
resilience, and cost) . 
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ABSTRACT: 



A system and method for isolating the execution of a plurality of applications. A 
plurality of monitors are provided for a plurality of applications to access a 
static synchronized method. The applications are enabled to call the static 
synchronized method concurrently by accessing the static synchronized method 
through the plurality of monitors. A plurality of threads within one of the 
applications are excluded from calling the static synchronized method concurrently. 
The source code or bytecode for the synchronized method may be transformed by 
removing a method- level monitor and adding the plurality of monitors inside the 
method. In one embodiment, each static synchronized method is replaced with a 
corresponding static non-synchronized method. The applications may be further 
isolated by placing the static fields of shared classes into a static field class, 
which has one instance per utilizing application. The static non- synchronized 
method includes the body of the corresponding static synchronized method, wherein 
the body is synchronized on the instance of the static field class that corresponds 
to the utilizing application. 
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The Virtual Machine is viewed by many as inherently insecure despite all the 
efforts to improve its security. This invention provides methods, apparatus, and 
computer products to implement a system that provides operating system style 
protection for code. Although applicable to many language systems, the invention is 
described for a system employing the Java language. Hardware protection domains are 
used to separate Java classes, provide access control on cross domain method 
invocations, efficient data sharing between protection domains, and memory and CPU 
resource control. Apart from the performance impact, these security measures are 
all transparent to the Java programs, even when a subclass is in one domain and its 
superclass is in another, when they do not violate the policy. To reduce the 
performance impact, classes are grouped and shared between protection domains and 
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map data lazily as it is being shared. The system has been implemented on top of 
the Paramecium operating system used as an example of an extensible operating 
system application. 
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The provides improved control devices, systems and methods for operation thereof. 
These rely on control devices that provide virtual machine environments in which 
Java objects, or other such software constructs, are executed to implement control 
(e.g., to monitor and/or control a device, process or system). These objects define 
blocks which are the basic functional unit of the control. They also define the 
input, output and body parts from which blocks are formed, and the signals that are 
communicated between blocks. The objects also define nested and composite groupings 
of blocks used to control loops and higher- level control functions. 
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TITLE: Method and system for identifying instrumentation targets in computer 
programs related to logical transactions 

DATE-ISSUED: December 4, 2001 

INVENTOR- INFORMATION : 

NAME CITY STATE ZIP CODE COUNTRY 

Chen; J. Bradley Seattle WA 

Bershad; Brian N. Seattle WA 

US -CL- CURRENT: 717 / 127 ; 717 / 130 
ABSTRACT : 

A method and system for identifying sets of instructions within a computer program, 
execution of which serve as an indicator for processing of a transaction by the 
computer program and that together comprise a witness set. The witness set may be 
employed to monitor execution of the computer program and detect processing of the 
transaction. Witness sets are constructed by iteratively filtering an initial set 
of instructions based on profile data collected during execution of the computer 
program. 

2 8 Claims, 4 Drawing figures 
Exemplary Claim Number : 1 
Number of Drawing Sheets : 4 
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ABSTRACT : 

Untrusted executable code programs (applets or controls) are written in native, 
directly executable code. The executable code is loaded into a pre-allocated memory 
range (sandbox) from which references to outside memory are severely restricted by 
checks (sniff code) added to the executable code. Conventional application-program 
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interface (API) calls in the untrusted code are replaced with translation-code 
modules (thunks) that allow the executable code to access the host operating 
system, while preventing breaches of the host system's security. Static links in 
the code are replaced by calls to thunk modules. When an API call is made during 
execution, control transfers to the thunk, which determines whether the API call is 
one which should be allowed to execute on the operating system. 

20 Claims, 4 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets: 4 
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ABSTRACT : 



A method for protecting an operating environment on a processor from a rogue 
program operating on the processor comprising isolating simultaneously executing 
programs or operating systems is disclosed. Memory space for use only by the first 
program while the first program is executing is allocated. Communication between 
the first program and the computer's operating environment is accomplished through 
a single link employing one of several methods including using shared memory space, 
a dedicated interrupt or a dedicated I/O port. The monitor manages a restricted 
operating environment for the first program on the processor, the restricted 
operating environment preventing the first program from accessing resources on the 
processor except for the allocated memory space the single communication link. 
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ABSTRACT: 



A method and apparatus for timely delivery of classes and objects is provided. A 
header comprising timing information is attached to said classes and/or objects. A 
"start loading" time and a "load by" time are specified in the header. Other 
classes and/or objects to be loaded are also specified in the header. Optional 
compression, security, and/or error resilience schemes are also specified in the 
header. A process for creating the header and attaching it to a class or object is 
provided. A process for receiving and processing a class or object with an attached 
header is provided. Embodiments of the invention allow timely delivery of classes 
and/or objects over a wide variety of transport mechanisms, including unreliable 
transport mechanisms and those lacking any guarantees of timely delivery. 
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NAME 
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STATE 
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TX 



US -CL- CURRENT: 713/200 
ABSTRACT: 

The present invention defines a means for establishing a secure connection between 
a Java Applet and a secure web server for protocols other than Https via the use of 
a Java Security Service. More specifically, the present invention uses the web 
browser's installed certificates to setup and establish an encrypted session 
between the Java Applet and the secure web server. The secure connection is then 
used to retrieve the certificates required by the Java security service. 
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A network scanner for security checking of application programs (e.g. Java applets 
or Active X controls) received over the Internet or an Intranet has both static 
(pre-run time) and dynamic (run time) scanning. Static scanning at the HTTP proxy 
server identifies suspicious instructions and instruments them e.g. a pre-and-post 
filter instruction sequence or otherwise. The instrumented applet is then 
transferred to the client (web browser) together with security monitoring code. 
During run time at the client, the instrumented instructions are thereby monitored 
for security policy violations, and execution of an instruction is prevented in the 
event of such a violation. 
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ABSTRACT: 



The present invention is a method of creating a secure sandbox within which a 
plurality of downloaded software components can execute in a secure manner. The 
software components can be of any type, e.g., Java, ActiveX, Netscape plugin, etc. 
The invention implements a security monitor that is injected to the address space 
of an arbitrary monitored application such as a Web browser, e.g., Internet 
Explorer, Netscape Navigator, etc. The monitored application then executes in a 
secure mode in which every software component downloaded executes in a secure 
sandbox. The security monitor detects when such a software component is downloaded 
and is operative to create the sandbox around it before it is permitted to execute. 
If the software component attempts to commit an action that breaches security, it 
halts the software component's execution and issues a warning to the user. The 
security monitor detects attempted security breaches by the software component in 
accordance with a user configurable security policy. Such a policy may include 
limiting file read/write access, access to directories, disk access, creation and 
the reading/writing of network connections, access to system resources and services 
and access to the address spaces of other processes. 
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